CMMC 1.0 Practice AC.3.021 Requirement:

Authorize remote execution of privileged commands and remote access to security relevant information.

CMMC 1.0 AC.3.021 Requirement Explanation:

By restricting which administrators may perform privileged tasks remotely (e.g., over a VPN connection), you reduce the chance that an attacker who compromises an account can use it to reach your systems and the security-relevant information they hold (audit logs, security configuration, and similar data).

Example CMMC 1.0 AC.3.021 Implementation:

The simplest option is to completely block privileged accounts from reaching your network and systems over a remote VPN connection. If that is not feasible, use the following approach. Document which of your system administrators are authorized to administer systems over a remote VPN connection, and place only those authorized admin accounts in the security groups that grant remote VPN access. Document the type of administrative activity each admin may carry out remotely; for example, allow help desk staff to provide desktop support to end users, but do not allow them to log on to an Active Directory domain controller over a VPN connection. Enforce this with security groups, and make sure the VPN gateway or RADIUS/NPS policy actually evaluates group membership, otherwise the group is documentation rather than a control. Finally, restrict remote access to security-relevant information such as your syslog server, for example by permitting management access to it only from on-site administrative hosts.
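The following PowerShell audit script is an added example and is not part of the original page or any vendor tool. It checks the control described above: it finds accounts that are members of a privileged Active Directory group and are also members of the security group that grants VPN access, and reports any that are not on the documented allow-list. The group names ('VPN-Users', the privileged group list) and the allow-list entries are assumed, hypothetical values; substitute your own documented names.

```powershell
# Added audit example (not from the original page): report privileged accounts that
# hold remote VPN access without being on the documented exception list.
# Assumptions (hypothetical names):
#   - 'VPN-Users' is the security group your VPN gateway / NPS policy evaluates.
#   - $PrivilegedGroups lists the groups you treat as privileged.
#   - $ApprovedRemoteAdmins is the documented list of admins allowed remote access.
Import-Module ActiveDirectory

$VpnGroup             = 'VPN-Users'
$PrivilegedGroups     = @('Domain Admins', 'Enterprise Admins', 'Administrators',
                          'Server Operators', 'Account Operators')
$ApprovedRemoteAdmins = @('helpdesk.jdoe', 'helpdesk.asmith')   # constructed sample allow-list

# Build a lookup of every user account that is (directly or via nested groups)
# a member of a privileged group. Non-user members (groups, computers, foreign
# security principals) are filtered out.
$privileged = @{}
foreach ($g in $PrivilegedGroups) {
    try {
        Get-ADGroupMember -Identity $g -Recursive -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object { $privileged[$_.SamAccountName] = $g }
    } catch {
        Write-Warning "Could not enumerate group '$g': $($_.Exception.Message)"
    }
}

# Every user account that can authenticate to the VPN via group membership.
$vpnUsers = Get-ADGroupMember -Identity $VpnGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' }

# Intersect the two sets and drop the documented exceptions.
$findings = foreach ($u in $vpnUsers) {
    if ($privileged.ContainsKey($u.SamAccountName) -and
        $ApprovedRemoteAdmins -notcontains $u.SamAccountName) {
        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            PrivilegedGroup = $privileged[$u.SamAccountName]
            VpnGroup        = $VpnGroup
        }
    }
}

if ($findings) {
    Write-Output "Unapproved privileged accounts with VPN access:"
    $findings | Format-Table -AutoSize
    # Remediation (run deliberately, after review): remove them from the VPN group.
    # $findings | ForEach-Object {
    #     Remove-ADGroupMember -Identity $VpnGroup -Members $_.SamAccountName -Confirm:$false
    # }
} else {
    Write-Output "No unapproved privileged accounts are members of '$VpnGroup'."
}
```

Run this on a schedule from an administrative host and keep the output as evidence for the assessment. The script only checks group membership; it does not verify that the VPN gateway actually enforces the group, so confirm separately that the VPN or NPS network policy has a condition on 'VPN-Users' (or your equivalent) and that no other policy grants access to authenticated users generally.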

CMMC 1.0 AC.3.021 Scenario(s):

- Scenario 1:

To meet this security requirement, your company prevents administrators from connecting to the corporate network over VPN with their admin accounts. If they need to carry out privileged functions, they must be on site. The only exception is that members of the help desk may connect to end-user workstations with a desktop support tool.
 
